ADV200007

Published: 22 Apr 2020
Source: MSRC

Description

OpenSSL Remote Denial of Service Vulnerability

Microsoft is aware of a publicly disclosed remote denial of service vulnerability for OpenSSL version 1.1.1d and newer. Versions prior to 1.1.1d are unaffected.

The vulnerability is fixed in version 1.1.1g. For more information, please see the OpenSSL security advisory.

Microsoft has confirmed Windows is not affected by this vulnerability. We are currently investigating the wider impact and are applying mitigations to services as needed.

Recommended Actions

If you are running a Linux VM or have installed any products that use OpenSSL on Azure, please review the version on your system. We recommend that you check the security blog for the distro you are using.
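
One way to script the version review recommended above, as an added example that is not part of Microsoft's advisory. The function name `classify_openssl_version` and its result labels are hypothetical; the version boundaries are the ones stated on this page.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the range stated
# in this advisory: 1.1.1d and newer affected, fixed in 1.1.1g, older unaffected.
# classify_openssl_version and its result labels are hypothetical names.

classify_openssl_version() {
    # $1: a bare version ("1.1.1f") or the full output of `openssl version`.
    ver=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+[a-z]*' | head -n 1)
    if [ -z "$ver" ]; then echo "unparsed"; return 0; fi

    suffix=${ver##*[0-9.]}        # trailing letter(s): "f" in 1.1.1f, "" in 1.1.1
    base=${ver%"$suffix"}         # numeric part: 1.1.1
    major=${base%%.*}; rest=${base#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    key=$((major * 10000 + minor * 100 + patch))

    if [ "$key" -lt 10101 ]; then
        echo "not-affected"       # release lines before 1.1.1 (1.0.2, 1.1.0, ...)
    elif [ "$key" -gt 10101 ]; then
        echo "not-covered"        # release lines the advisory does not name
    else
        case "$suffix" in
            ""|a|b|c) echo "not-affected" ;;    # 1.1.1 through 1.1.1c
            d|e|f)    echo "affected-range" ;;  # 1.1.1d through 1.1.1f
            *)        echo "fixed" ;;           # 1.1.1g and later letters
        esac
    fi
}

# Report on the openssl binary on PATH, if one is installed.
if command -v openssl >/dev/null 2>&1; then
    reported=$(openssl version)
    printf '%s -> %s\n' "$reported" "$(classify_openssl_version "$reported")"
fi
```

The result reflects only the upstream version string of the binary on PATH: a distro package can carry a backported fix without changing that string, and applications can bundle their own OpenSSL copy. Treat `affected-range` as a prompt to check the distro's security advisory for the installed package.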

Mitigations

Systems running a version of OpenSSL prior to 1.1.1d are not vulnerable.

Workarounds

Please refer to the OpenSSL security advisory for guidance.

FAQ

Is the Microsoft Linux Kernel in the Windows Subsystem for Linux 2 (WSL2) or in Azure Sphere affected by this vulnerability?

No, these Linux Kernels are not affected by this vulnerability in their default configurations.

I'm running a non-Microsoft Linux distribution. Where can I find information about fixes for this vulnerability?

Microsoft recommends that you follow the guidance from your software provider. The following table includes links to some of the most widely used products that use the Linux kernel.

We will update this table as distros release information to include specific guidance for this vulnerability. If you wish to be notified when the table is updated, you can subscribe to Microsoft Technical Security Notifications to receive notification whenever new content is published in Microsoft’s Security Update Guide. Find more information about these notifications here: Technical Security Notifications.

Updates

Product | Article | Update
OpenSSL 1.1.1g | |

Exploitability

Publicly Disclosed: No
Exploited: No
DOS: N/A